ci: use sshpass with env vars for passphrase-protected SSH keys
CI Pipeline / HTML Lint (push) Successful in 7s
Deploy QA / Build and Push (push) Successful in 16s
CI Pipeline / Build Docker Image (push) Successful in 56s
CI Pipeline / Security Scan (push) Successful in 10s
Deploy QA / Deploy to QA (push) Failing after 18s
CI Pipeline / HTML Lint (push) Successful in 7s
Deploy QA / Build and Push (push) Successful in 16s
CI Pipeline / Build Docker Image (push) Successful in 56s
CI Pipeline / Security Scan (push) Successful in 10s
Deploy QA / Deploy to QA (push) Failing after 18s
This commit is contained in:
@@ -55,18 +55,24 @@ jobs:
|
||||
needs: build-and-push
|
||||
steps:
|
||||
- name: Deploy via SSH
|
||||
env:
|
||||
DEPLOY_SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
|
||||
DEPLOY_PASSPHRASE: ${{ secrets.DEPLOY_PASSPHRASE }}
|
||||
run: |
|
||||
set -euo pipefail
|
||||
IMAGE_TAG="${{ needs.build-and-push.outputs.image_tag }}"
|
||||
eval $(ssh-agent -s)
|
||||
echo "${{ secrets.DEPLOY_SSH_KEY }}" > /tmp/deploy_key
|
||||
|
||||
printf '%s\n' "$DEPLOY_SSH_KEY" > /tmp/deploy_key
|
||||
chmod 600 /tmp/deploy_key
|
||||
ssh-keygen -p -P "${{ secrets.DEPLOY_PASSPHRASE }}" -N "" -f /tmp/deploy_key
|
||||
ssh-add /tmp/deploy_key
|
||||
rm -f /tmp/deploy_key
|
||||
mkdir -p ~/.ssh
|
||||
printf '%s\n' "$DEPLOY_PASSPHRASE" > /tmp/passphrase
|
||||
|
||||
sudo apt-get update -qq && sudo apt-get install -y -qq sshpass
|
||||
|
||||
ssh-keyscan -H ${{ secrets.DEPLOY_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
|
||||
ssh ${{ secrets.DEPLOY_USERNAME }}@${{ secrets.DEPLOY_HOST }} bash -s \
|
||||
|
||||
sshpass -f /tmp/passphrase ssh -i /tmp/deploy_key \
|
||||
-o StrictHostKeyChecking=no \
|
||||
${{ secrets.DEPLOY_USERNAME }}@${{ secrets.DEPLOY_HOST }} bash -s \
|
||||
-e REGISTRY_URL=${{ env.REGISTRY_URL }} \
|
||||
-e IMAGE_NAME=${{ env.IMAGE_NAME }} \
|
||||
-e IMAGE_TAG=${IMAGE_TAG} \
|
||||
|
||||
Reference in New Issue
Block a user